I'm not sure why you think a setuid script will gain you anything (usually you want to give CGIs and the like as few permissions as possible), but see the Password Protection of TPA's CGI/Perl guide for various implementations along this theme.

On a higher level, you would want something like the following pseudo code on every page you want protected ...

Protect the data directory using .htaccess. Only you know the password so it is secure. chmod the directory to 777.

Now write a CGI script that will open and read files in the protected directory, the files it will read depends on the user. You have to be very careful to use absolute paths and to check input for unix meta characters, and .. to avoid hackers, but as the script is running as the nobody user (not setuid as I originally thought) it is inherently safer.

A Yahoo! mail style login can set a cookie to maintain state, and if necessary a session file can be created for the user.